Conasems Allegedly Hit by Second Breach as Threat Actor Claims 766,000 User Records

A threat actor claims a second breach of Brazil's Conasems exposed approximately 766,000 user records, significantly larger than an earlier alleged incident.
Forum post alleging a second Conasems data breach affecting 766,000 users. The screenshot shows the Conasems logo, the threat actor’s claim that this is a newer breach than an alleged 2025 incident, a list of purportedly exposed database fields, and a blurred sample of the alleged leaked data.
Screenshot of the forum post claiming a second breach of Conasems. The threat actor alleges the database contains approximately 766,000 user records, including personal information, account details, and platform metadata, making it significantly larger than a previously claimed incident.

A threat actor has claimed responsibility for a second alleged breach of Brazil’s National Council of Municipal Health Secretariats (Conasems), publishing what they describe as a database containing approximately 766,000 user records.

According to the forum post, the actor previously breached Conasems in November 2025, allegedly exposing around 68,000 users. The latest listing claims to contain a substantially larger dataset and has been offered as a direct download rather than being advertised for sale.

Alleged database contains extensive user information

The threat actor claims the dataset contains records associated with Conasems’ online platform, including personal profiles and account information.

Fields listed in the post allegedly include names, email addresses, phone numbers, CPF numbers, usernames, hashed passwords, dates of birth, municipality and state information, education level, gender, social names, ethnicity, disability indicators, course enrollments, user roles, profile metadata, and account status information.

The listing also references profile images, authentication tokens, application identifiers, and platform metadata, suggesting the alleged database may have originated from an internal user management system used by the organization.

BreachNews is not reproducing samples of the allegedly exposed data because they contain personally identifiable information.

Claims point to a larger incident

The forum post describes the leak as a newer dataset than the actor’s previously claimed November 2025 breach, increasing the alleged number of affected users from approximately 68,000 to 766,000.

At the time of publication, it remains unclear how the alleged compromise occurred or whether the organization has investigated the claims. Conasems had not issued any public statement at time of publication.

Pattern of recent disclosures

The claim was published by the same threat actor behind the Accenture source code breach, which was later confirmed by the company. Yesterday, the actor also claimed responsibility for the alleged Contaque source code breach. While that history makes the latest claim noteworthy, it does not independently verify the alleged compromise involving Conasems.

If confirmed, the exposure of government-related user records containing personal and account information could present risks including phishing, identity fraud, and credential abuse against affected individuals.

Picture of m00s3c

m00s3c

Moose (@m00s3c) is the author of BreachNews, focusing on data breach intelligence, dark web monitoring, and threat analysis. His work involves analyzing breach claims, reviewing leaked datasets, and tracking threat actor activity to provide clear, factual reporting.

Latest News

Newsletter signup

Get the latest data breach and security news.

Please wait...

Thank you for signing up!

BREACHNEWS.COM/SUPPORT/

Support Independent News.

Help support breach monitoring, investigations, infrastructure, and reporting.

Support the site
INTEL.BREACHNEWS.COM

Live Cyber
Threat Map

Explore live cyber activity, recent breach reports, KEV alerts, and public threat feeds from a single interactive dashboard.

Launch Threat Map